2023-11-13 09:33:28 -05:00
|
|
|
# sys-wireguard
|
|
|
|
|
|
|
|
|
|
Wireguard VPN in Qubes OS.
|
|
|
|
|
|
|
|
|
|
## Table of Contents
|
|
|
|
|
|
|
|
|
|
* [Description](#description)
|
|
|
|
|
* [Installation](#installation)
|
|
|
|
|
* [Usage](#usage)
|
|
|
|
|
* [Credits](#credits)
|
|
|
|
|
|
|
|
|
|
## Description
|
|
|
|
|
|
|
|
|
|
Setup a Wireguard VPN qube named "sys-wireguard" to provide network access to
|
|
|
|
|
other qubes through the VPN with fail closed mechanism.
|
|
|
|
|
|
|
|
|
|
## Installation
|
|
|
|
|
|
|
|
|
|
- Top:
|
|
|
|
|
```sh
|
|
|
|
|
qubesctl top.enable sys-wireguard
|
|
|
|
|
qubesctl --targets=tpl-sys-wireguard,sys-wireguard state.apply
|
|
|
|
|
qubesctl top.disable sys-wireguard
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
- State:
|
|
|
|
|
<!-- pkg:begin:post-install -->
|
|
|
|
|
```sh
|
|
|
|
|
qubesctl state.apply sys-wireguard.create
|
|
|
|
|
qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install
|
|
|
|
|
qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure
|
|
|
|
|
```
|
|
|
|
|
<!-- pkg:end:post-install -->
|
|
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
|
|
Use the VPN qube `sys-wireguard` to enforce incoming and outgoing connections
|
|
|
|
|
from clients connected to the VPN with a fail safe mechanism.
|
|
|
|
|
|
2024-01-08 14:07:20 -05:00
|
|
|
To start using the VPN:
|
|
|
|
|
|
|
|
|
|
1. Copy the Wireguard configuration you downloaded to `sys-wireguard` and
|
|
|
|
|
place it in `/home/user/wireguard.conf`.
|
|
|
|
|
2. Run from Dom0 to apply Qubes Firewall rules: `qvm-wireguard`
|
|
|
|
|
|
2023-11-13 09:33:28 -05:00
|
|
|
## Credits
|
|
|
|
|
|
|
|
|
|
- [Unman](https://github.com/unman/shaker/tree/main/mullvad)
|
